The Payment Services Regulations 2017 and 2011 impose clear AML and KYC obligations on every payment institution operating in the UK. Understanding what those obligations require in practice — and which technology providers and specialist vendors can deliver them — is where Agnos Consulting adds value. Steven Faulkner brings 30 years of experience applying these frameworks across payment operations globally.
Speak to StevenThe PSR 2017 and the Money Laundering Regulations 2017 set out a clear framework. Understanding what each element requires — and how it applies to your specific business model — is the starting point for any compliant programme.
Every payment institution must verify the identity of its customers before providing services. The level of due diligence required — standard, simplified or enhanced — depends on the risk profile of the customer, the product and the geography. Getting this calibration right from the outset is critical to both compliance and operational efficiency.
All payment transactions must be screened against sanctions lists — including OFSI, OFAC and EU designations depending on your corridors. Screening must happen in real time for instant payment products. The choice of screening vendor, the configuration of match thresholds and the process for handling alerts all require careful design.
Ongoing monitoring of transactions to detect patterns inconsistent with the customer's known profile is a regulatory requirement. The monitoring rules must be calibrated to your specific customer base and payment flows — an off-the-shelf ruleset applied without configuration will generate either too many false positives or miss genuine risk.
A documented assessment of the money laundering and sanctions risks across your entire business — products, customers, geographies and delivery channels — is a mandatory starting point. This risk assessment drives every other element of your compliance programme and must be kept current as your business evolves.
The AML and KYC technology market is crowded. Choosing the wrong vendor — or the right vendor configured incorrectly — creates both regulatory risk and operational cost. Steven Faulkner has worked with the leading providers across KYC, screening and transaction monitoring and can advise on fit for your specific use case.
Electronic identity verification, document checking, biometric liveness detection and business verification platforms. The right choice depends on your customer mix, your geographic reach and your onboarding volume. Over-engineering KYC for a low-risk customer base creates friction and abandonment.
Real-time sanctions screening engines, watchlist data providers and transaction monitoring platforms. Evaluation criteria include match accuracy, false positive rates, API integration capability, regulatory coverage and total cost of ownership — not just headline licence fees.
Acquiring a payment institution means acquiring its compliance history. A target with AML weaknesses carries regulatory risk that survives the transaction — and can result in enforcement action against the acquirer. Agnos Consulting conducts AML and KYC due diligence as part of broader acquisition assessments.
The quality and completeness of the target's AML programme — policies, procedures, transaction monitoring configuration, screening coverage, SAR history and regulatory correspondence. Gaps and weaknesses are quantified and reflected in deal terms or remediation plans.
Review of the target's regulatory history — FCA correspondence, supervisory visits, voluntary requirements and any enforcement action. Assessment of outstanding regulatory risk and the likelihood of post-acquisition regulatory scrutiny.
Assessment of the target's KYC, screening and transaction monitoring infrastructure. Identification of vendor dependencies, integration risks and the cost of bringing the programme up to standard post-acquisition.
Where weaknesses are identified, a prioritised remediation roadmap — including estimated cost, timeline and regulatory sequencing — to support deal negotiation and post-completion integration planning.